W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: CfC approved: CSP Level 2 to Candidate Recommendation

From: Daniel Veditz <dveditz@mozilla.com>
Date: Tue, 10 Feb 2015 14:08:22 -0800
Message-ID: <CADYDTCD5S7ihTaKos78QaM3EsO6rE-SxOLCrXJW1hDzvhiyC_g@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>
On Mon, Feb 9, 2015 at 9:46 PM, Mike West <mkwst@google.com> wrote:

> 3) The reflected-xss directive will remain, but be marked as "At Risk" and
> will be removed post-CR if multiple interoperable implementations cannot be
> demonstrated.
> I actually thought we'd agreed to just defer this to CSP3. I landed
> https://github.com/w3c/webappsec/commit/6f89d89bd4965040b9ad30bb8b7ed0105fe4ae10
> earlier this morning to do just that. Again, if I misunderstood, I'll
> revert it.

​Deferring it to CSP.next was my recollection of the call as well.
Received on Tuesday, 10 February 2015 22:08:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:46 UTC